Not all ransomware directly attacks corporate networks. There is still plenty of it around that goes after home users, and the effects can be just as devastating, if not more so, than ransomware that hits organizations—it’s quite possible that the ordinary family doesn’t have the financial resources to survive such an attack.
One example of home-user malware that’s growing as a threat is Magniber ransomware, which lay dormant for a number of years, but has come back with a vengeance.
Magniber ransomware was first detected in 2017, according to Trend Micro. It started out targeting Asian countries, especially Taiwan, but has begun to spread beyond Asia and is now found on almost every continent, including the United States.
Not much was heard from Magniber after the initial flurry of attacks, but it was noticed again in 2021, and in 2022 gained prominence. It attacks Windows computers, which makes it a threat to most environments.
Magniber is known as “single-client” ransomware in that it hits single computers rather than propagating throughout a network. This doesn’t mean it’s not dangerous, however. HP, which recently wrote about Magniber, said single-client ransomware “… can still cause significant damage to individuals and organizations.”
BleepingComputer noted that Magniber has changed tactics recently and become more hazardous. Previously, it used MSI and EXE files to distribute its payload, but evidence shows that it’s switched to using JavaScript files. The new files reduce the malware’s ability to be detected by antivirus software, increasing the chance of successful deployment. It requires bypassing the User Account Control (UAC) feature in Windows, and creates a new registry key that can lead to system compromise.
Magniber then encrypts host files, demands a $2,500 ransom, and provides instructions for restoring files once the ransom is paid. Magniber does not, as of yet, engage in double or triple extortion and threaten to expose private information on a public website.
Magniber exploits a Windows vulnerability to do its work, but an update released in late 2022, CVE-2022-44698, fixed this flaw. The change to using JavaScript could be related to the fact that Microsoft issued the patch. Magniber specifically goes after the Windows 10 and Windows 11 operating systems. The lesson, as ever: keep your systems up-to-date with patches, whether at work or at home.
Even though Magniber currently seems to be content targeting single systems, it could evolve from there, as a blog from Innovative Cybersecurity points out: “Magniber has not yet been observed as being paired with any worming or spreading mechanisms to infect more than one machine at a time; however, this would be the next logical step in its evolution.”
Magniber doesn’t grab the headlines the way the famous types do: Cryptolocker, NotPetya, REvil, WannaCry and the like are well known and feared—for good reason. In a way, though, that makes more under-the-radar ransomware like Magniber a serious threat. The attack vectors of the other types are more likely to be defended against. Many admins and security workers may not even know it exists.
And if Magniber continues to be relatively unknown and evolves to gain virus capabilities, it could soon threaten everyone. Even if it doesn’t, it could devastate users at home who could lose critical data as well as a lot of money.
